2 matches found
Sql injection
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053...
CVE-2006-2053
CVE-2006-2053 affects QuickEStore 7.9 and earlier. The vulnerability consists of multiple SQL injection flaws allowing remote execution of arbitrary SQL via these parameters: OrderID (shipping.cfm, checkout.cfm), ItemID (proddetail.cfm), SubCatID (index.cfm), CategoryID (prodpage.cfm), and ProdID...